From nobody@FreeBSD.org  Sun Oct  7 13:31:28 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1003B1065670
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  7 Oct 2012 13:31:28 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id D57098FC1D
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  7 Oct 2012 13:31:27 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q97DVRV3031867
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 7 Oct 2012 13:31:27 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id q97DVR40031866;
	Sun, 7 Oct 2012 13:31:27 GMT
	(envelope-from nobody)
Message-Id: <201210071331.q97DVR40031866@red.freebsd.org>
Date: Sun, 7 Oct 2012 13:31:27 GMT
From: Garrett Cooper <yaneurabeya@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] [fetch] add HTTP 305 handling to libfetch
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         172452
>Category:       bin
>Synopsis:       [patch] [libfetch] add HTTP 305 handling to libfetch
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 07 13:40:13 UTC 2012
>Closed-Date:    Tue Oct 30 03:30:53 UTC 2012
>Last-Modified:  Sun Feb 03 22:31:08 UTC 2013
>Originator:     Garrett Cooper
>Release:        9.1-STABLE
>Organization:
EMC Isilon
>Environment:
FreeBSD bayonetta.local 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r240836M: Sat Sep 22 12:30:11 PDT 2012     gcooper@bayonetta.local:/usr/obj/store/freebsd/stable/9/sys/BAYONETTA  amd64
>Description:
While poking around RFC-2616 and looking at libfetch for bin/172451, I noticed that libfetch wasn't handling HTTP 305 style redirects. From the RFC...

10.3.6 305 Use Proxy

   The requested resource MUST be accessed through the proxy given by
   the Location field. The Location field gives the URI of the proxy.
   The recipient is expected to repeat this single request via the
   proxy. 305 responses MUST only be generated by origin servers.

      Note: RFC 2068 was not clear that 305 was intended to redirect a
      single request, and to be generated by origin servers only.  Not
      observing these limitations has significant security consequences.

Plugging in the support was relatively trivial, but my patch isn't ultra paranoid like noted here. I poked around curl and wget, and discovered that curl implements the support, but they don't do the "paranoia checking" and instead just redirect and wget doesn't implement it at all.

Whether or not it's useful to implement this is a good question, but the simple patch is available for any interested parties.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: lib/libfetch/http.c
===================================================================
--- lib/libfetch/http.c	(revision 241309)
+++ lib/libfetch/http.c	(working copy)
@@ -103,6 +103,7 @@
 #define HTTP_MOVED_TEMP		302
 #define HTTP_SEE_OTHER		303
 #define HTTP_NOT_MODIFIED	304
+#define HTTP_USE_PROXY		305
 #define HTTP_TEMP_REDIRECT	307
 #define HTTP_NEED_AUTH		401
 #define HTTP_NEED_PROXY_AUTH	407
@@ -112,7 +113,8 @@
 #define HTTP_REDIRECT(xyz) ((xyz) == HTTP_MOVED_PERM \
 			    || (xyz) == HTTP_MOVED_TEMP \
 			    || (xyz) == HTTP_TEMP_REDIRECT \
-			    || (xyz) == HTTP_SEE_OTHER)
+			    || (xyz) == HTTP_SEE_OTHER \
+			    || (xyz) == HTTP_USE_PROXY)
 
 #define HTTP_ERROR(xyz) ((xyz) > 400 && (xyz) < 599)
 
@@ -1697,6 +1698,7 @@
 		case HTTP_MOVED_PERM:
 		case HTTP_MOVED_TEMP:
 		case HTTP_SEE_OTHER:
+		case HTTP_USE_PROXY:
 			/*
 			 * Not so fine, but we still have to read the
 			 * headers to get the new location.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sun Oct 7 13:46:41 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172452 
State-Changed-From-To: open->analyzed 
State-Changed-By: eadler 
State-Changed-When: Thu Oct 11 14:14:08 UTC 2012 
State-Changed-Why:  
awaiting approval / review 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172452 
State-Changed-From-To: analyzed->patched 
State-Changed-By: eadler 
State-Changed-When: Thu Oct 25 23:23:55 UTC 2012 
State-Changed-Why:  
committed in HEAD 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172452 
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Oct 30 03:30:52 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172452 
>Unformatted:
